rc1986 Posted March 20, 2014 Share Posted March 20, 2014 Hi All, I've been playing around with creating a Windows custom event log using AutoIT and have come up with the following so far. ; Event Log Creation Reg Entries RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp\TestApp", "CustomSource", "REG_DWORD", "1") RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp\TestApp", "EventMessageFile", "REG_EXPAND_SZ", "%SystemRoot%\System32\EventCreate.exe") RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp", "Sources", "REG_MULTI_SZ", "TestApp") RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp", "File", "REG_EXPAND_SZ", "%SystemRoot%\system32\winevt\Logs\TestApp.evtx") RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp", "Retention", "REG_DWORD", "0") RegWrite("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\TestApp", "MaxSize", "REG_DWORD", "524288") ; My little function based on the EventLog.au3 to make it easier within my code. ; Create Event Log | 1=Error, 2=Warning, 4=Information Func _CreateEventLog($Type,$EventID,$Desc) local $aEmpty[1] = [0] $hEventLog = _EventLog__Open("", "TestApp") _EventLog__Report($hEventLog, $Type, 0, $EventID, 0,$Desc, $aEmpty) _EventLog__Close($hEventLog) logging("EVENT" & @TAB & "An event has been logged to the TestApp Event Log." & @CRLF) EndFunc ; Creating an event log entry _CreateEventLog(1,900,@CRLF & 'Test Message') This seems to work nice and well however I'm receiving some strange entries in the custom event log every now and then: The description for Event ID 909 from source TestApp cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: And then my message shows. Does anyone have any clue why this would be? I think my code is OK that bit seems to send the message to the event log however something is missing. I've read up on message files and putting an entry for them in the registry however that will give me very specific event log entries and I want mine to be dynamic within my code. Any ideas anyone? Thanks, Rob Thanks Rob Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now